Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Notifications API for Registrations Sends Password in Plain Text #954

Closed
patdumond opened this issue Jun 1, 2016 · 2 comments
Closed

Notifications API for Registrations Sends Password in Plain Text #954

patdumond opened this issue Jun 1, 2016 · 2 comments
Assignees
@jaswrks
Labels
security
Milestone
v170524

Comments

@patdumond
Copy link

Currently, the Notifications API for Registrations sends the password field in its data. This is a security problem and the password should never be sent in an Admin notification anyway. Suggest the password field be removed from this Notification.
@jaswrks jaswrks added this to the Next Release milestone Jun 7, 2016
@raamdev raamdev modified the milestones: Next Release, Future Release Oct 12, 2016
@raamdev raamdev modified the milestones: Future Future Milestone, Future Release Nov 21, 2016
@jaswrks jaswrks self-assigned this Apr 17, 2017
jaswrks pushed a commit that referenced this issue Apr 18, 2017
Preparing pull request. See: #954
f4ab185
@jaswrks jaswrks mentioned this issue Apr 18, 2017
Merged
jaswrks pushed a commit that referenced this issue Apr 18, 2017
- (s2Member/s2Member Pro) **Security Enhancement:** This release remo…
3bc99fc 
…ves the `%%user_pass%%` Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see [Issue #954](#954). This Replacement Code was removed as a security precaution.
@jaswrks
Copy link
Contributor

jaswrks commented Apr 18, 2017

Coming soon .. Next Release

  • (s2Member/s2Member Pro) Security Enhancement: This release removes the %%user_pass%% Replacement Code from the API Registration Notification email that is sent to a site owner; i.e., when/if it is configured by a site owner. Props @patdumond see Issue #954. This Replacement Code was removed as a security precaution.

@raamdev raamdev mentioned this issue Apr 25, 2017
Closed
@raamdev
Copy link
Contributor

raamdev commented May 24, 2017

s2Member v170524 has been released and includes changes from this GitHub Issue. See the v170524 announcement for further details.

This issue will now be locked to further updates. If you have something to add related to this GitHub Issue, please open a new GitHub Issue and reference this one (#954).

@raamdev raamdev closed this as completed May 24, 2017
@wpsharks wpsharks locked and limited conversation to collaborators May 24, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jaswrks jaswrks

Labels
security
Projects
None yet
Milestone
v170524
Development

No branches or pull requests
3 participants
@raamdev @jaswrks @patdumond